Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50356 |
0 (3.1)
|
Press has a potential 2FA bypass |
frappe |
press |
2024-10-31T18:02:42.440Z | 2024-11-01T13:51:00.632Z |
| CVE-2025-11173 |
0 (4.0)
|
Reauth for enabling 2FA can be bypassed by submitting a form |
Wikimedia Foundation |
OATHAuth |
2026-02-03T00:27:45.487Z | 2026-02-03T21:08:02.478Z |
| CVE-2025-1680 |
0 (4.0)
|
An acceptance of extraneous untrusted data with t… |
Moxa |
TN-4500A Series |
2025-10-23T13:56:39.744Z | 2025-10-23T14:35:30.379Z |
| CVE-2025-26862 |
0 (4.0)
|
PingFederate unexpected browser flow initiation in red… |
Ping Identity |
PingFederate |
2025-10-27T14:39:41.284Z | 2025-10-27T14:48:11.544Z |
| CVE-2025-32696 |
0 (4.0)
|
"reupload-own" restriction can be bypassed by reverting file |
Wikimedia Foundation |
MediaWiki |
2025-04-10T18:28:48.161Z | 2025-11-03T19:53:33.707Z |
| CVE-2025-32697 |
0 (4.0)
|
Cascading protection is not preventing file reversions |
Wikimedia Foundation |
MediaWiki |
2025-04-10T18:29:17.482Z | 2025-04-10T19:05:48.098Z |
| CVE-2025-3469 |
0 (4.0)
|
i18n XSS vulnerability in HTMLMultiSelectField when se… |
Wikimedia Foundation |
MediaWiki |
2025-04-10T18:28:13.370Z | 2025-11-03T19:53:59.985Z |
| CVE-2025-49823 |
0 (3.1)
|
Conda Constructor Command Injection via Unsanitized Us… |
conda |
constructor |
2025-06-17T02:21:17.496Z | 2025-06-17T15:52:25.295Z |
| CVE-2025-61635 |
0 (4.0)
|
Add rate limiting to ApiFancyCaptchaReload |
Wikimedia Foundation |
ConfirmEdit |
2026-02-02T23:26:14.537Z | 2026-02-03T21:13:41.151Z |
| CVE-2025-61644 |
0 (4.0)
|
i18n XSS through Special:Watchlist |
Wikimedia Foundation |
MediaWiki |
2026-02-02T23:57:17.522Z | 2026-02-03T21:03:59.441Z |
| CVE-2025-61654 |
0 (4.0)
|
UserInfoCard: Do permission checking when getting coun… |
Wikimedia Foundation |
Thanks |
2026-02-03T01:08:57.273Z | 2026-03-03T15:44:29.769Z |
| CVE-2025-61657 |
0 (4.0)
|
Improper Neutralization of Input During Web Page … |
Wikimedia Foundation |
Vector |
2026-02-03T01:00:59.692Z | 2026-02-03T21:00:15.785Z |
| CVE-2025-6591 |
0 (4.0)
|
HTML injection in API action=feedcontributions output … |
Wikimedia Foundation |
MediaWiki |
2026-02-02T23:02:33.728Z | 2026-02-28T02:52:57.390Z |
| CVE-2025-6596 |
0 (4.0)
|
Vector inserts portlet labels as HTML, allowing for st… |
Wikimedia Foundation |
Vector |
2026-02-02T22:58:20.912Z | 2026-02-03T21:12:11.934Z |
| CVE-2025-6597 |
0 (4.0)
|
MediaWiki should not consider autocreation as login fo… |
Wikimedia Foundation |
MediaWiki |
2026-02-02T22:57:30.161Z | 2026-03-03T15:39:51.521Z |
| CVE-2025-67479 |
0 (4.0)
|
Magic word replacement in legacy parser allows using r… |
Wikimedia Foundation |
MediaWiki |
2026-02-03T01:12:21.567Z | 2026-03-02T17:42:31.216Z |
| CVE-2025-9340 |
0 (4.0)
|
native encrypt/decrypt operations in JCE may corrupt d… |
Legion of the Bouncy Castle Inc. |
Bouncy Castle for Java |
2025-08-22T09:39:47.303Z | 2025-08-22T10:37:18.585Z |
| CVE-2026-13706 |
0 (4.0)
|
UrlShortener extension url validation can be bypassed … |
Wikimedia Foundation |
UrlShortener |
2026-07-01T14:29:49.167Z | 2026-07-01T15:44:29.349Z |
| CVE-2026-13707 |
0 (4.0)
|
Session fixation attacks on improperly configured OAut… |
Wikimedia Foundation |
OAuth |
2026-07-01T14:32:26.598Z | 2026-07-01T15:46:18.205Z |
| CVE-2026-20188 |
0 (3.1)
|
Cisco Crosswork Network Controller and Cisco Network S… |
Cisco |
Cisco Crosswork Network Change Automation |
2026-05-06T16:15:37.396Z | 2026-05-14T16:30:22.826Z |
| CVE-2026-32732 |
0 (4.0)
|
XSS in @leanprover/unicode-input-component |
leanprover |
vscode-lean4 |
2026-03-13T21:43:22.209Z | 2026-03-16T20:22:43.428Z |
| CVE-2026-3479 |
0 (4.0)
|
pkgutil.get_data() does not enforce documented restrictions |
Python Software Foundation |
CPython |
2026-03-18T18:13:42.288Z | 2026-04-07T22:01:35.724Z |
| CVE-2026-41517 |
0 (4.0)
|
Emlog: Remote Code Execution via Malicious Plugin Upload |
emlog |
emlog |
2026-05-08T21:50:27.441Z | 2026-05-11T18:40:00.681Z |
| CVE-2026-42873 |
0 (3.1)
|
WeGIA: Error Handling Upload DocDependente |
LabRedesCefetRJ |
WeGIA |
2026-05-11T18:34:05.548Z | 2026-05-12T13:39:26.848Z |
| CVE-2026-44427 |
0 (4.0)
|
MCP Registry: Open Redirect |
modelcontextprotocol |
registry |
2026-05-14T21:07:34.364Z | 2026-05-15T13:33:16.949Z |
| CVE-2026-44956 |
0 (3.0)
|
Low‑privileged users could use their Full Name as… |
Revive |
Adserver |
2026-06-23T16:14:38.240Z | 2026-06-23T17:25:34.164Z |
| CVE-2026-44960 |
0 (3.0)
|
A stored XSS can be exploited by leveraging the u… |
Revive |
Adserver |
2026-06-23T16:14:38.124Z | 2026-06-23T17:46:02.076Z |
| CVE-2026-44961 |
0 (3.0)
|
The XML‑RPC API addUser method has a validation b… |
Revive |
Adserver |
2026-06-23T16:14:38.126Z | 2026-06-23T17:44:07.348Z |
| CVE-2026-55611 |
0 (3.1)
|
AnythingLLM: embed-parsed-file cleanup deletes any par… |
Mintplex-Labs |
anything-llm |
2026-06-24T17:17:03.479Z | 2026-06-24T18:32:39.765Z |
| CVE-2026-58026 |
0 (4.0)
|
$wgNonincludableNamespaces can be bypassed by embeddin… |
Wikimedia Foundation |
MediaWiki |
2026-07-01T15:10:34.559Z | 2026-07-01T15:50:17.256Z |